Sign up for our weekly security newsletter

Spammers Make Illegal Use of SkyDrive

On January 7, 2008, McAfee's Avert Labs trapped a large number of spam mails that employed Microsoft's Windows Live SkyDrive service. This service offers free hosting of files of up to 1GB with the purpose to facilitate sale of their wares. A SkyDrive file within a link is an HTML-coded redirect web page that connects the user's browser to a URL under the spammer's control.

McAfee warns that under the terms and conditions of SkyDrive, spammers were distinctly conducting illegal operations. Moreover, the abuse was widely spread with an estimated 'tens of thousands' of files uploaded. spammers were also e-mailing links pointing to advertisements for typical spammers' products, especially pharmaceuticals. spam filters also failed to block URLs that SkyDrive uses, the security company said.

Chris Barton, Security Researcher at McAfee, said that Avert Labs caught spam in many thousands overnight that were largely abusing Windows Live SkyDrive Beta utility. InformationWeek published Barton's statement on January 8, 2008.

Several reasons exist in explaining this approach that resembles the adding of spam links to splogs, i.e., blogs saturated with spam. The services do not carry a price, provide distinct web links with a good longevity, host files of all kinds, and are almost safe from being blacklisted.

Security researchers of McAfee believe that the SkyDrive could be further abused in even sinister ways, therefore, they suggest that these content-sharing services should offer a file-scanning utility.

Barton said that McAfee had observed a few spam campaigns that used SkyDrive in November 2007 but those scaled at much lower levels than the January 7 campaign. He thinks that it would only be a short time when the service would be employed to host many other types of undesirable content.

Windows Live SkyDrive prohibits using the service for disruption or harm to others' computers. It also does not allow illegal access of software or to evade security mechanisms on servers or websites.

Security researchers, though consider Microsoft's Code of Conduct for the content-sharing service as quite appropriate, they are not certain if the service's prohibitory use will tolerate spamming for selling products rather than those causing disruption or harm.

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!